Type: Posts; User: compaq; Keyword(s):

  1. Replies
    2
    Views
    1,355

    Re: Changing a program memory to jump to shellcode

    Thanks daedalus1776, but I can't use the buffer overflow ways. The program uses VirtualAlloc to make a thread in iexplore.exe and copies some shellcode that calls LoadLibrary to run a dll.
    The problem...
  2. Replies
    3
    Views
    1,855

    Re: Excellent new learning resource

    Cheers for the link
  3. Replies
    2
    Views
    1,355

    Changing a program memory to jump to shellcode

    Hi
    I've been trying to change a program's memory to jump to some shellcode, I've got the shellcode in there and have changed some data in the TIB region but the program keeps crashing as other code uses...
  4. Replies
    12
    Views
    9,365

    Re: Privilege escalation on win7

    Thanks
    I'll try Metasploit.
  5. Thread: Simple Shell

    by compaq
    Replies
    0
    Views
    2,288

    Simple Shell

    Been experimenting with shells and the old way of create-process and pipes doesn't seem to work on win 7
    Was compiled on Visual Studio Express C++ 2010

    http://pastebin.com/uTFNbbjQ
  6. Replies
    12
    Views
    9,365

    Re: Privilege escalation on win7

    daedalus1776 it is remote, cmd shell, but would be able to upload files
  7. Replies
    12
    Views
    9,365

    Re: Privilege escalation on win7

    IronPunch what API would you use, DLL injection?
    Rastamouse, can you create an exe that adds an admin account? I really don't know much about Metasploit, what command would I type?

    Thanks
  8. Replies
    12
    Views
    9,365

    Privilege escalation on win7

    Hi
    Is there any way to get admin privilege from a user account on Windows 7, tools or command line?

    Thanks
  9. Replies
    1
    Views
    2,318

    Re: Semi-Isolated Virtual Network

    Hi
    In VirtualBox, you could set up the VMs on a bridge network, the router will supply the IP address to the VMs, just don't target the host IP.
  10. Thread: DNS spoofing failing

    by compaq
    Replies
    12
    Views
    9,281

    Re: DNS spoofing failing

    Hi Ditto
    with this, can you try ifconfig eth0 mtu 1700 up
    "SEND L3 ERROR: 1525 byte packet (0800:06) destined to 192.168.1.78 was not forwarded (libnet_write_raw_ipv4(): -1 bytes written (Message...
  11. Thread: DNS spoofing failing

    by compaq
    Replies
    12
    Views
    9,281

    Re: DNS spoofing failing

    You could try dropping packets from the router "iptables -A INPUT -p udp --sport 53 -s 192.168.1.1 -j DROP", to see if it's replying first.
  12. Thread: DNS spoofing failing

    by compaq
    Replies
    12
    Views
    9,281

    Re: DNS spoofing failing

    Hi. The router has probably cached the address and can serve it up quicker than the attacker's replies. You will have to wait 20 mins approx without going to the site, or try some random url in...
  13. Replies
    3
    Views
    919

    Re: /A/IN, /TXT/IN server queries

    It could be a cache attack, if they can find out your default DNS server (gateway, isp, root hints), then just guessing the port and transaction id they can update the cache, ie google.com = attacker
  14. Thread: DNS server enum

    by compaq
    Replies
    1
    Views
    1,195

    Re: DNS server enum

    Just a movie of finding this thing. Software: Microsoft Windows 2k8, and IDA Free debugger http://uploading.com/files/get/ec9fddba/res.mp4
  15. Thread: DNS server enum

    by compaq
    Replies
    1
    Views
    1,195

    DNS server enum

    Just a trick found while looking at Microsoft server: dig @192.168.1.1 version -t TXT -c CH. It returns Microsoft DNS 6.1.7601 (id number)
  16. Thread: Is this forum dying?

    by compaq
    Replies
    46
    Views
    7,632

    Re: Is this forum dying?

    Personally I think other forums are the same. On this blog there are how-tos on router setup and hack, and some exploit writing, but that's about it. It needs more areas apart from local LAN type stuff.
  17. Thread: Bunch of questions

    by compaq
    Replies
    13
    Views
    4,631

    Re: Bunch of questions

    My mistake common.mak CFLAGS ?= -g -W -Wall -Werror -O3
  18. Replies
    13
    Views
    6,534

    Re: Part one of an ASM ghostwriting PoC script

    Hi some obfuscating code
    The code probably needs modifying
    Three parts
    256 array for random stuff
    16 array of password
    0xf0 for shellcode


    mov eax, 0x01400101 //find empty spot on heap
    and...
  19. Thread: Bunch of questions

    by compaq
    Replies
    13
    Views
    4,631

    Re: Bunch of questions

    Hi xinus01 5. What exactly is PMK and workunit? PMK is pair master key, it takes for input the essid and passphrase and loops 8000 times through sha1 (it takes a lot of work), from there it's a simple...
  20. Replies
    13
    Views
    6,534

    Re: Part one of an ASM ghostwriting PoC script

    jmp and calls shouldn't set any eflags, jz/jnz, test and cmp sets zero flag, jge/jae/jle/jl/jg set overflow and carry flags. You can use popf and pushf with and/or &0x40 (zero flag I think etc)
  21. Replies
    13
    Views
    6,534

    Re: Part one of an ASM ghostwriting PoC script

    The line by line substitution, say you have xor eax, eax; push eax push eax inc eax push eax connect. The brute force part will work out that it needs two push of 0x00 and one of 0x01, and will create a...
  22. Replies
    13
    Views
    6,534

    Re: Part one of an ASM ghostwriting PoC script

    It's a good base, was thinking you're keeping track of the registers, you could have a brute force part that takes from one line forward ten say (auto or manual), and get it to generate different...
  23. Replies
    13
    Views
    6,534

    Re: Part one of an ASM ghostwriting PoC script

    Thanks, for the jumps you could make people enter jz 0x40 in the asm code rather than jz label.
  24. Replies
    3
    Views
    1,139

    Re: raw sockets, not getting reply

    Hi, I was using the one below, udp, with some modification. Wireshark says the packet is all right, I've also tried sending a packet exactly the same as netcat to the port, netcat works and hping3 does but...
  25. Replies
    3
    Views
    1,139

    raw sockets, not getting reply

    Hi
    Not sure if this is a bug or I'm doing something wrong. I'm following http://www.tenouk.com/Module43a.html example and trying to send a syn packet to my router, but I'm not receiving a syn/ack...
Results 1 to 25 of 428